Hi

When considering heap overflows in the context of "Linux",
the (old) w00w00[1] article is the standard reference. When it comes
to heap overflow protection, I am always pointed towards Pitbull[2]
(SuSE, RedHat) or grsecurity[3] (via PAX: also randomisation of
heap base). I also stumbled upon wkr Heap protection[4]. What about
RSBAC[5]? Does it work (I have no idea)?


Hence, a lot of options, but has anyone experience with them?
Are they "common" (again, indicating my ignorance - I just realised
I wasn't bothered with this for a long time)?


And - are these methods a reasonable approach anyway?
What about "compartmentalization and separation of processes"-approaches
(as in SELinux and flavours)? Is this the future or
already present day?
(the idea behind: remove one of the necessary conditions and a vulnerability
just becomes a security flaw[6]. The heap overflow ceases to be exploitable.)


Thanks.

Cheers


P.S. I also realised it is much harder to ask questions than to answer them.


[1] http://www.w00w00.org/files/articles/heaptut.txt
[2] http://www.argus-systems.com/
[3] http://www.grsecurity.net/
[4] http://www.cs.ucsb.edu/~wkr/projects/heap_protection/
[5] http://www.rsbac.org/
[6] http://www.sei.cmu.edu/pub/documents...df/05tn003.pdf
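
Added illustration (editor's example, not part of the post above and not code from any of the projects it cites): the "remove one necessary condition" idea in the smallest possible form. A privilege flag sits right after a fixed-size name buffer in one heap allocation; an unbounded copy of attacker-controlled input runs off the end of the buffer and lands in the flag, exactly the adjacent-data overwrite the w00w00 tutorial builds on. The hardened variant keeps the same layout and the same bug class but checks the length first, so the overflow condition is gone and the flag can no longer be reached. The struct layout, field names, the `unbounded_copy` helper and the 19-byte input are all constructed for this example; the pointer laundering through a volatile variable is only there to stop an optimising compiler from "proving" the out-of-bounds store away.

```c
/* Added example (not from the original post): a heap-resident overflow
 * that flips an adjacent privilege flag, beside the bounded version in
 * which that precondition is removed. Build: cc -O2 -Wall heap_flag.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record: buffer and flag share one heap chunk, so running off
 * the end of name[] writes straight into is_admin. */
struct account {
    char name[16];
    int  is_admin;
};

/* Unbounded copy, the same contract as strcpy. noinline keeps the optimiser
 * from seeing the destination's declared size. */
__attribute__((noinline))
static void unbounded_copy(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* Vulnerable: nothing checks that input fits in name[].
 * Returns the resulting is_admin value: 0 unless the overflow set it,
 * -1 on allocation failure. */
int vulnerable_set_name(const char *input)
{
    struct account *acct = calloc(1, sizeof *acct); /* is_admin starts at 0 */
    if (!acct)
        return -1;
    char *volatile dst = acct->name;   /* launder the pointer (see lead-in) */
    unbounded_copy(dst, input);
    int result = acct->is_admin;       /* nonzero only if name[] overflowed */
    free(acct);
    return result;
}

/* Hardened: same layout, same flag, but over-long input is rejected before
 * any byte is copied. The overflow precondition no longer holds.
 * Returns is_admin (always 0 here), -1 on allocation failure, -2 if rejected. */
int hardened_set_name(const char *input)
{
    struct account *acct = calloc(1, sizeof *acct);
    if (!acct)
        return -1;
    size_t len = strlen(input);
    if (len >= sizeof acct->name) {    /* no room for the terminator */
        free(acct);
        return -2;
    }
    memcpy(acct->name, input, len + 1);
    int result = acct->is_admin;
    free(acct);
    return result;
}

/* Constructed attacker input: 19 bytes, i.e. 3 past the end of name[]
 * plus the terminator, which is exactly sizeof(struct account). */
static const char ATTACK[] = "AAAAAAAAAA" "AAAAAAAAA";

int main(void)
{
    printf("vulnerable, benign input:  is_admin = %d\n",
           vulnerable_set_name("alice"));
    printf("vulnerable, attack input:  is_admin = 0x%x\n",
           vulnerable_set_name(ATTACK));
    printf("hardened,   attack input:  rc = %d\n",
           hardened_set_name(ATTACK));
    return 0;
}
```

On a little-endian machine the vulnerable call reports is_admin = 0x414141 (three 'A' bytes and the terminator). The hardened call returns -2 and the flag is never touched; the buffer is still only 16 bytes and the flag still sits right behind it, which is the point: the bug class survives, the exploit does not.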